CEH





  1. C. A polymorphic virus evades detection through rewriting itself.

  2. C. A sparse infector evades detection by infecting only a handful or selection of files instead
    of all of them.


Chapter 9: Sniffers



  1. D. Each switchport represents a collision domain, thereby limiting sniffing to only the clients residing on that port.

  2. A. All wireless access points are essentially hubs in that they do not segregate traffic the
    way a traditional wired switch does.

  3. D. An NIC must be configured to operate in promiscuous mode to capture all traffic on the
    network. More specifically, it allows the interface to capture both traffic that is intended
    for the host and traffic that is intended for other clients.

  4. B. IP DHCP Snooping can be used on Cisco devices to prevent ARP poisoning by validating
    IP-to-MAC mappings based on a saved database.

  5. C. Jason can implement a form of encryption for the traffic that he wants to protect from
    sniffing. Secure Shell traffic would not be readable if captured by a sniffer; however, any
    legitimate network troubleshooting efforts would also prove more challenging because of
    packet encryption.

  6. C. MAC spoofing results in duplicate MAC addresses on a network unless the compromised client has been bumped from its connection. Two IP addresses mapping to one MAC indicates a bogus client.

  7. A. Bob can launch a MAC flooding attack against the switch, thereby converting the switch
    into a large hub. If successful, this will allow Bob to sniff all traffic passing through the switch.

  8. B. ARP poisoning alters ARP table mappings to align all traffic to the attacker’s interface
    before traveling to the proper destination. This allows the attacker to capture all traffic on
    the network and provides a jumping-off point for future attacks.

  9. C. Wireshark operator == means equal to. In this scenario, using the == operator filters
    down to 192.168.1.1 as the specific host to be displayed.

  10. A. Cain and Abel is a well-known suite of tools used for various pen testing functions such
    as sniffing, password cracking, and ARP poisoning.

  11. C. The command for the CLI version of Wireshark is tshark.

  12. D. TCPdump uses the option -w to write a capture to a log file for later review. The option
    -r is used to read the capture file, or the capture can be opened in a GUI-based sniffer such
    as Wireshark.


bapp01.indd 425 22-07-2014 10:56:36
